I am running McAfee and your info page said to not load AVG if you were already running other virus software. At any rate I did attempt to run the AVG online scan but it would not complete using either of the Housecall Kernels. It timed out saying my internet was too slow. There must be some other issue as the internet is not that slow as it is high speed and though not as fast now as it should be it's still fast enough to download stuff quickly.
Should I still download and run the AVG even though I have McAfee?
thanks
frank

Only fix the above O17 entries if they don't belong to your ISP or you don't recognise the domain.

O20 - Winlogon Notify: pmnnnmk - C:\WINNT2\SYSTEM32\pmnnnmk.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\windows\system32\blank.htm

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\WINNT2\SYSTEM32\pmnnnmk.dll

Once your system has rebooted, rehide your protected OS files.

Post a fresh HJT log.

Regards Howard

This thread is for the use of ffarah only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

I did what you suggested but the viruses are still here. I noticed that the O2-BHO (noname) -(4C2142F9***) and O20 winlogon Notify ****pmnnmk.dll did not delete with the HJT fix. Also the killbox did not remove the file pmnnmk.dll. I got the following error when I tried to delete the file:
PendingFileRenameOperation Registry Data has been Removed by external process.
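
Added example, not part of the original thread: delete-on-reboot requests are stored in the `PendingFileRenameOperations` value (REG_MULTI_SZ) under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`, so the error above means the queued entry was gone before the reboot could act on it. The sketch below decodes the raw value and checks whether a path is still queued; the sample bytes are constructed, and the `C:\TEMP` rename pair is hypothetical.

```python
# Added example, not from the thread: decode a PendingFileRenameOperations value.
NT_PREFIX = "\\??\\"  # NT object-manager prefix stored in front of each path


def _clean(entry: str) -> str:
    """Drop the optional '!' (replace-existing marker) and the NT prefix."""
    if entry.startswith("!"):
        entry = entry[1:]
    return entry[len(NT_PREFIX):] if entry.startswith(NT_PREFIX) else entry


def parse_pending_renames(raw: bytes):
    """Return [(source, destination or None)] from raw REG_MULTI_SZ bytes.

    Entries come in pairs; an empty destination means 'delete at boot'.
    """
    parts = raw.decode("utf-16-le").split("\x00")
    ops, i = [], 0
    while i < len(parts) and parts[i] != "":  # empty source marks end of list
        dst = parts[i + 1] if i + 1 < len(parts) else ""
        ops.append((_clean(parts[i]), _clean(dst) or None))
        i += 2
    return ops


def is_queued_for_delete(ops, path: str) -> bool:
    """True if the path is still queued for deletion (case-insensitive)."""
    return any(src.lower() == path.lower() and dst is None for src, dst in ops)


def build_multi_sz(strings) -> bytes:
    """Encode strings the way the registry stores REG_MULTI_SZ (demo helper)."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


# Constructed sample: the thread's DLL queued for deletion, plus a hypothetical
# rename pair (the C:\TEMP paths are invented for illustration).
SAMPLE = build_multi_sz([
    NT_PREFIX + "C:\\WINNT2\\SYSTEM32\\pmnnnmk.dll", "",
    NT_PREFIX + "C:\\TEMP\\example.tmp", "!" + NT_PREFIX + "C:\\TEMP\\example.dat",
])
TARGET = "C:\\WINNT2\\SYSTEM32\\pmnnnmk.dll"

if __name__ == "__main__":
    for label, raw in (("queued", SAMPLE), ("wiped", build_multi_sz([]))):
        ops = parse_pending_renames(raw)
        print(label, ops, "still queued:", is_queued_for_delete(ops, TARGET))
```

Checking the value right after queuing the deletion, and again a few seconds later, shows whether something running on the machine is clearing it.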

We need to temporarily disable Spybot Search & Destroy's tea time, as it may interfere with any fix we are trying to run.

Disable Spybot's TeaTimer. This is a two step process.

First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident

Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.

We also need to disable the AVG Antispyware guard.

Run AVG Antispyware and next to where it says resident shield, click change state to make it inactive. Close AVG Antispyware.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply.

when it reboots and post a fresh HJT log.

Regards Howard


You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

netadp.exe

Close task manager.

Click start run and type regedit into the run box and press the enter key. Navigate to the following registry key and delete Network Bridge, by right clicking on it in the righthand pane and selecting delete.

Damn. The Network Bridge is still there. I deleted it in the registry, but when I ran HJT and looked for it it was not there. Now that I have rebooted in normal mode it's now back in HJT.
I have attached the log.
thanks

Hi again. I ran the McAfee stinger programs. All of them. There were 5 in all.
I did get a positive on the w32 W32/sdbot worm but it was unable to clean it. I tried going into safe mode, but when I ran the stinger again it did not find anything. The virus is still there as I am getting AVG reports on its activities. I also blocked the registry Network Bridge in TeaTimer. TeaTimer is coming up with a block on the request to change Network Bridge every 10 seconds or so.

Ok, try this removal tool HERE. I'm sorry for not being able to just get rid of this for you, but it's a fairly new variant, so all I can do is keep trying different things until we either get rid of it, or I run out of ideas.

Regards Howard


"Ok, try this removal tool HERE. I'm sorry for not being able to just get rid of this for you, but it's a fairly new variant, so all I can do is keep trying different things until we either get rid of it, or I run out of ideas"...